> couldn't we just code some protection against this

Well, security vulnerabilities are basically bugs, that is, programming mistakes, which a 3rd party can exploit to do things like crash or take control of the system.

There are some mitigations such as Address Space Layout Randomisation, Position Independent Code, Stack Smashing Protection, Mandatory Access Controls etc. If you are interested in the technical details of how these things work I recommend looking at the Hardened Gentoo documentation: http://wiki.gentoo.org/wiki/Hardened/Introduction_to_Hardened_Gentoo

I think the general problem is more political than technical. Unfortunately no one really cares about security. Maybe it's because it can't be measured easily, unlike other things such as performance. If a regular person switches from OS A to OS B and their computer now takes twice as long to boot up they are just going to switch right back - regardless of any additional non-tangible benefits the latter may have, including security.

At the moment we're in a sad situation where OS vendors will only implement watered down security controls so as to not harm things that customers actually notice such as performance. For example Windows, OS X and Linux all have some kind of ASLR so they can tick the box and say "yep, got that shiny feature" but if one were to scrutinise the actual implementations they are all woefully inadequate compared to the original PaX or OpenBSD design. Here is an article illustrating the kind of attitude I mean: https://www.rsbac.org/documentation/why_rsbac_does_not_use_lsm

I think opening PDF files inside a virtual machine is not a bad way of solving the problem. There are obviously practical limits stopping you from having a VM for every application. If that idea of separating groups of applications into different virtual machines still intrigues you though then you might be interested in the Qubes project.

I hope this information is helpful.
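The post above names ASLR and Position Independent Code as mitigations without showing how to tell whether a given binary actually benefits from them. As an added example (not part of the original message, and not code from any project it mentions), the script below parses an ELF header directly and reports two facts a defender checks when auditing a system: whether the executable was built as PIE (type ET_DYN, so ASLR can randomise the main image rather than only the libraries) and whether its PT_GNU_STACK header requests an executable stack. The `build_sample_elf` helper constructs a minimal, non-loadable ELF64 image purely so the check can run offline; the function and constant names are this example's own.

```python
import struct
import sys
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # e_type values: fixed-address executable vs position-independent
PT_GNU_STACK = 0x6474E551       # program header that carries the requested stack permissions
PF_X = 0x1                      # segment flag: executable


def inspect_elf(data: bytes) -> dict:
    """Return {'pie': bool, 'exec_stack': bool | None} for an ELF32/ELF64 image.

    'exec_stack' is None when no PT_GNU_STACK header exists; on several
    architectures the kernel then falls back to an executable stack.
    Note that shared objects are also ET_DYN, so 'pie' means
    'position-independent', which for a main executable is PIE.
    """
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class = data[4]                     # 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little endian, 2 = big endian

    e_type, = struct.unpack_from(end + "H", data, 16)
    if ei_class == 2:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    elif ei_class == 1:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:
        raise ValueError("unknown ELF class")

    exec_stack = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if ei_class == 2:
            # Elf64_Phdr: p_type then p_flags at offset 4
            p_type, p_flags = struct.unpack_from(end + "II", data, off)
        else:
            # Elf32_Phdr: p_type at 0, p_flags at offset 24
            p_type, = struct.unpack_from(end + "I", data, off)
            p_flags, = struct.unpack_from(end + "I", data, off + 24)
        if p_type == PT_GNU_STACK:
            exec_stack = bool(p_flags & PF_X)

    return {"pie": e_type == ET_DYN, "exec_stack": exec_stack}


def build_sample_elf(e_type: int, stack_flags: int) -> bytes:
    """Constructed test input: a minimal little-endian ELF64 header followed by a
    single PT_GNU_STACK program header. It is not a loadable program."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELF64, LE, version 1, SYSV ABI
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 62, 1,      # e_type, e_machine (x86-64), e_version
        0, 64, 0,           # e_entry, e_phoff (right after the 64-byte header), e_shoff
        0, 64, 56, 1,       # e_flags, e_ehsize, e_phentsize, e_phnum
        64, 0, 0,           # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    # Usage: python elf_check.py /path/to/binary [...]
    for path in sys.argv[1:]:
        facts = inspect_elf(Path(path).read_bytes())
        print(f"{path}: pie={facts['pie']} exec_stack={facts['exec_stack']}")
```

Run it against a few system binaries to see which were linked as PIE; a non-PIE main executable sits at a fixed address no matter how good the kernel's ASLR is, which is the kind of gap the post's complaint about watered-down implementations is pointing at.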